diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2021-07-22 00:02:07 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-22 00:02:07 +0000 |
commit | 9f3ace4591752351eed2a2d640d5366b72751c4d (patch) | |
tree | d59a2791036ba69842e097e10007f62af53df03a /nixos | |
parent | 87cfb513c1454a2db75db9483d713eeca4341766 (diff) | |
parent | 8020f53c688d440707d27e2d76a5d453b7f9665e (diff) | |
download | nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar.gz nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar.bz2 nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar.lz nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar.xz nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.tar.zst nixpkgs-9f3ace4591752351eed2a2d640d5366b72751c4d.zip |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/corerad.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/plausible.nix | 18 |
3 files changed, 26 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 4acdd1d69cc..e76ba9a2d00 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix @@ -37,7 +37,7 @@ in { } ''; description = '' - Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/master/internal/config/default.toml"/> + Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml"/> for supported values. Ignored if configFile is set. ''; }; diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 09aef9a1dcf..6d7178047ea 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -21,7 +21,15 @@ let )) else throw (traceSeq v "services.unbound.settings: unexpected type"); - confFile = pkgs.writeText "unbound.conf" (concatStringsSep "\n" ((mapAttrsToList (toConf "") cfg.settings) ++ [""])); + confNoServer = concatStringsSep "\n" ((mapAttrsToList (toConf "") (builtins.removeAttrs cfg.settings [ "server" ])) ++ [""]); + confServer = concatStringsSep "\n" (mapAttrsToList (toConf " ") (builtins.removeAttrs cfg.settings.server [ "define-tag" ])); + + confFile = pkgs.writeText "unbound.conf" '' + server: + ${optionalString (cfg.settings.server.define-tag != "") (toOption " " "define-tag" cfg.settings.server.define-tag)} + ${confServer} + ${confNoServer} + ''; rootTrustAnchorFile = "${cfg.stateDir}/root.key"; @@ -170,6 +178,7 @@ in { # prevent race conditions on system startup when interfaces are not yet # configured ip-freebind = mkDefault true; + define-tag = mkDefault ""; }; remote-control = { control-enable = mkDefault false; diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix index caf5ba466df..b56848b79d2 100644 --- a/nixos/modules/services/web-apps/plausible.nix +++ b/nixos/modules/services/web-apps/plausible.nix @@ -7,10 +7,15 @@ let # FIXME consider using LoadCredential as soon as it actually works. envSecrets = '' - export ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})" - export SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})" + ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})" + export ADMIN_USER_PWD # separate export to make `set -e` work + + SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})" + export SECRET_KEY_BASE # separate export to make `set -e` work + ${optionalString (cfg.mail.smtp.passwordFile != null) '' - export SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})" + SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})" + export SMTP_USER_PWD # separate export to make `set -e` work ''} ''; in { @@ -102,6 +107,11 @@ in { type = types.str; description = '' Public URL where plausible is available. + + Note that <literal>/path</literal> components are currently ignored: + <link xlink:href="https://github.com/plausible/analytics/issues/1182"> + https://github.com/plausible/analytics/issues/1182 + </link>. ''; }; }; @@ -228,6 +238,7 @@ in { WorkingDirectory = "/var/lib/plausible"; StateDirectory = "plausible"; ExecStartPre = "@${pkgs.writeShellScript "plausible-setup" '' + set -eu -o pipefail ${envSecrets} ${pkgs.plausible}/createdb.sh ${pkgs.plausible}/migrate.sh @@ -238,6 +249,7 @@ in { ''} ''} plausible-setup"; ExecStart = "@${pkgs.writeShellScript "plausible" '' + set -eu -o pipefail ${envSecrets} plausible start ''} plausible"; |